一、NFS
Net File System
1.nfs基本信息
nfs-utils ##安装包
nfs-server ##服务脚本
/etc/exports ##共享配置文件
2.nfs的启用
在虚拟机westosa中
mkdir /westos_storage #创建文件
vim /etc/exports #编辑配置文件
/westos_storage *(sync,ro)
systemctl start nfs-server #开启nfs服务
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
vim /etc/exports
3.nfs配置
vim /etc/exports ##此文件更改后生效exportfs -rv
共享目录 共享给谁(共享参数)
/westos_storage *(sync,ro)
测试:
[root@westosb ~]# showmount -e 172.25.254.119
Export list for 172.25.254.119:
/westos_storage *(sync,ro)
[root@westosb ~]#mount 172.25.254.119:/westos_storage /media/
4.nfs配置参数
anonuid=1000,anongid=1000 ##指定用户身份
sync ##更改生成后同步数据到服务器
async ##时时同步数据到服务器
rw ##读写
ro ##只读
no_root_squash ##root用户挂载不转换身份
练习:
在westsoa上
[root@westosa ~]# vim /etc/exports
/westos_storage *(sync,rw,anonuid=1000)
[root@westosa ~]# exportfs -rv
exporting *:/westos_storage
[root@westosa ~]# ls -ld /westos_storage/
drwxr-xr-x. 2 root root 6 May 12 12:50 /westos_storage/
[root@westosa ~]# chmod 777 /westos_storage/
[root@westosa ~]# ls -ld /westos_storage/
drwxrwxrwx. 2 root root 6 May 12 12:50 /westos_storage/
在westsob上
[root@westosb Desktop]#touch /media/westos
[root@westosb Desktop]#ls-l /media/
在westsoa上
[root@westosa ~]# vim /etc/exports
/westos_storage *(sync,rw,anonuid=1000,anongid=1000)
[root@westosa ~]# exportfs -rv
exporting *:/westos_storage
在westsob上
[root@westosb Desktop]#touch /media/westos1
[root@westosb Desktop]#ls-l /media/
在westsoa上
[root@westosa ~]# vim /etc/exports
/westos_storage *(sync,rw,no_root_squash) #root用户挂载不转换身份
[root@westosa ~]# exportfs -rv
exporting *:/westos_storage
在westsob上
[root@westosb Desktop]#touch /media/westos2
[root@westosb Desktop]#ls-l /media/
取消挂载
5.nfs+autofs
参看autofs章节内容
vim /etc/auto.nfs
nfs 172.25.254.30:/westosdir
6.autofs+samba
autofs:
dnf search autofs #查询与autofs相关的软件包
dnf install autofs.x86_64 -y #安装autofs.x86_64
在客户端实现自动挂载卸载的软件
配置方式:
vim /etc/auto.master #配置自动挂载目录
最终挂载点的上层目录 自动以子策略文件
/westos /etc/auto.nfs
vim /etc/auto.nfs
storage -rw 172.25.254.119:/westos_storage
systemctl enable --now autofs.service #开启autofs服务
systemctl status autofs.service #重启autofs服务
cd /westso/storage
df #查看是否自动挂载
测试:
等待资源闲置超时 ##默认300秒
vim /etc/autofs.conf
Timeout=3 #改为3秒
cd /westos/storage
df
cd
等待3秒
df #查看挂载目录
挂载资源自动卸载
二、samba服务
1.samba服务简介
作用:
smb = Server Message Block Sum
cifs = Common Internet File System Miscrosoft
windows系统共享文件时用到的协议smb
smb是由miscrosoft+sun
Linux cifs
2.samba基本信息
服务启动脚本:smb.service
主配置目录:/etc/samba
主配置文件:/etc/smb.conf
安全上下文:samba_share_t
端口:139 445
安装包:samba samba-common
3.samba的安装与启用
samba的安装:
dnf install samba samba-common samba-client -y
samba服务启动:
systemctl enable --now smb
samba服务启用
firewall-cmd --permanent --add-service=samba #加入防火墙策略
firewall-cmd --reload
测试:
smbclient -L //172.25.254.119/ -U westos ##当要输入root密码时请直接回车
4.samba用户的建立
1.samba用户必须是本地存在的用户
2.samba用户的建立
smbpasswd -a westos ##添加用户
pdbedit -L ##查看用户列表
pdbedit -x westos ##删除用户
5.samba用户访问加目录
当selinux开启时:
setsebool -P samba_enable_home_dirs on
windows下
\\172.25.254.20 ##访问
net use ##查看访问记录
net use * /del ##删除访问记录
在linux下:
smbclient //172.25.254.119/westos -U westos
6.samba服务共享目录
mkdir /westosdir
vim /etc/samba/smb.conf
[westosdir] ##共享名称
comment = westosdir ##共享说明
path = /westosdir ##共享路径
touch /westosdir/westosfile{1..5}
semanage fcontext -a -t samba_share_t '/westosdir(/.*)?' #修改安全上下文
restorecon -RvvF /westosdir/
systemctl restart smb #重启smb服务
测试:
smbclient //172.25.254.119/westosdir -U westos
共享/mnt
vim /etc/samba/smb.conf #修改配置文件
[mnt] ##共享名称
comment = mnt ##共享说明
path = /mnt ##共享路径
systemctl restart smb #重启smb服务
smbclient -L //172.25.254.119/ -U westos
ls /mnt
smbclient //172.25.254.119/mnt -U westos
getsebool -a | grep samba
setsebool -P samba_export_all_rw on #开启服务
smbclient //172.25.254.119/mnt -U westos
7.samba的访问控制
hosts allow 172.25.254.30 172.25.254. ##当写到单独共享时之对此共享生效
hosts deny ##当写到【GLOBAL】时对samba整体生效
在westosa
cd /etc/samba/
ls
cp -p smb.conf.example smb.conf
vim /etc/samba/smb.conf
84 hosts allow =172.25.254.119 #只允许其一个访问,白名单
85 workgroup = MYGROUP
86 server string = Samba Server Version %v
systemctl restart smb.service #重启服务
smbclient //172.25.254.119/westos -U westos
在westosa中
vim /etc/samba/smb.conf
84# hosts allow =172.25.254.119 #只允许其一个访问,白名单
85 hosts deny =172.25.254.119 #不允许其访问,黑名单
86 workgroup = MYGROUP
87 server string = Samba Server Version %v
systemctl restart smb.service #重启服务
smbclient //172.25.254.119/westos -U westos #无法访问
在westosb中
smbclient //172.25.254.119/westos -U westos #可以访问
在westosa中
vim /etc/samba/smb.conf
84# hosts allow =172.25.254.119 #只允许其一个访问,白名单
85# hosts deny =172.25.254.119 #不允许其访问,黑名单
316 [mnt]
317 comment = mnt
318 path = /mnt
319 hosts allow =172.25.254.119 #只允许其访问/mnt
320 [westosdir]
321 comment = westosdir
322 path = /westosdir
323
systemctl restart smb.service #重启服务
smbclient //172.25.254.119/westos -U westos #可以访问
smbclient //172.25.254.119/mnt -U westos #可以访问
在westosb中
smbclient //172.25.254.119/westos -U westos #可以访问
smbclient //172.25.254.119/mnt -U westos #不可以访问
8.samba的常用配置参数
chmod 777 /westosdir #给予最高权限,为实验方便。
ls -ld /westosdir/ #查看目录权限
vim /etc/samba/smb.conf #配置文件
writable = yes ##可写
[root@westosa ~]# vim /etc/samba/smb.conf
[westosdir]
comment = westosdir
path = /westosdir
writable = yes
[root@westosa ~]# systemctl restart smb.service
[root@westosb ~]# mount -o username=westos,password=westos //172.25.254.119/westosdir /mnt
[root@westosb ~]# df
[root@westosb ~]# touch /mnt/ltm1
[root@westosb ~]# ls /mnt
write list = westos ##指定用户可写
[root@westosa ~]# vim /etc/samba/smb.conf
[westosdir]
comment = westosdir
path = /westosdir
; writable = yes
write list = westos
[root@westosa ~]# systemctl restart smb.service
[root@westosb ~]# umount /mnt/ #取消挂载
[root@westosb ~]# mount -o username=westos,password=westos //172.25.254.119/westosdir /mnt
[root@westosb ~]# df
[root@westosb ~]# touch /mnt/ltm2 #创建成功
[root@westosb ~]# ls /mnt
[root@westosb ~]# umount /mnt
[root@westosb ~]# mount -o username=lee,password=lee //172.25.254.119/westosdir /mnt
[root@westosb ~]# touch /mnt/ltm3 #创建失败
write list = +westos | @westos ##指定组可写
[root@westosa ~]# vim /etc/samba/smb.conf
[westosdir]
comment = westosdir
path = /westosdir
; writable = yes
write list = +westos
; browseable = yes
; admin users = westos
; guest ok = yes
[root@westosa ~]# systemctl restart smb.service
[root@westosb ~]# mount -o username=lee,password=lee //172.25.254.119/westosdir /mnt
[root@westosb ~]# touch /mnt/ltm4 #创建失败
[root@westosb ~]# umount /mnt
[root@westosa ~]# usermod -G westos lee #给lee用户添加附加组westos
[root@westosa ~]# id lee #查看用户lee
[root@westosb ~]# mount -o username=lee,password=lee //172.25.254.119/westosdir /mnt
[root@westosb ~]# touch /mnt/ltm4 #创建成功
valid users = lee ##指定访问用户
[root@westosa ~]# vim /etc/samba/smb.conf
[westosdir]
comment = westosdir
path = /westosdir
; writable = yes
; write list = +westos
; browseable = yes
; admin users = westos
; guest ok = yes
valid users = lee
[root@westosa ~]# systemctl restart smb.service
[root@westosb ~]# umount /mnt
[root@westosb ~]# mount -o username=lee,password=lee //172.25.254.119/westosdir /mnt
[root@westosb ~]# df #访问成功
[root@westosb ~]# umount /mnt
[root@westosb ~]# mount -o username=westos,password=westos //172.25.254.119/westosdir /mnt
[root@westosb ~]# df #访问失败
先取消挂载,在重新挂载,lee用户可以访问,westos用户不可以
valid users = +lee|@lee ##指定访问组
[root@westosa ~]# vim /etc/samba/smb.conf
[westosdir]
comment = westosdir
path = /westosdir
; writable = yes
; write list = +westos
; browseable = yes
; admin users = westos
; guest ok = yes
valid users = +lee
[root@westosa ~]# systemctl restart smb.service
[root@westosb ~]# mount -o username=westos,password=westos //172.25.254.119/westosdir /mnt
[root@westosb ~]# df #访问失败
[root@westosb ~]# umount /mnt #取消挂载
[root@westosa ~]# usermod -G lee westos #给westos用户添加附加组lee
[root@westosa ~]# id westos #查看用户westos
[root@westosb ~]# mount -o username=westos,password=westos //172.25.254.119/westosdir /mnt
[root@westosb ~]# df #访问成功
browseable = yes|no ##是否隐藏共享
[root@westosa ~]# vim /etc/samba/smb.conf
[westosdir]
comment = westosdir
path = /westosdir
; write list = westos
browseable = yes
[root@westosa ~]# systemctl restart smb.service
[root@westosa ~]# vim /etc/samba/smb.conf
[westosdir]
comment = westosdir
path = /westosdir
; write list = westos
browseable = no
[root@westosa ~]# systemctl restart smb.service
[root@westosb ~]# smbclinet -L //172.25.254.119
[root@westosb ~]# smbclinet -L //172.25.254.119
[root@westosb ~]# smbclinet -L //172.25.254.119/westosdir #隐藏文件的访问
admin users = westos ##指定此共享的超级用户身份呢
[root@westosa ~]# vim /etc/samba/smb.conf
[westosdir]
comment = westosdir
path = /westosdir
writable = yes
admin users = westos #添加
[root@westosa ~]# systemctl restart smb.service
[root@westosb ~]# umount /mnt
[root@westosb ~]# mount -o username=westos,password=westos //172.25.254.119/westosdir /mnt
[root@westosb ~]# touch /mnt/ltm555
[root@westosa ~]# ls - l /westosdir #查看文件权限及组
map to guest = bad user ##写到全局设定中,匿名用户全部映射成guest guest ok = yes ##允许匿名用户访问
[root@westosa ~]# vim /etc/samba/smb.conf
map to guest = bad user
[westosdir]
comment = westosdir
path = /westosdir
writable = yes
; write list = westos
browseable = yes
admin users = westos
guest ok = yes
[root@westosa ~]# systemctl restart smb.service
[root@westosb ~]# smbclinet -L //172.25.254.119
9.samba的多用户挂载
在客户端如果用普通的挂载方式
没有用过用户验证的人也可以访问samba服务
在westosB(172.25.254.219)中
dnf install cifs-utils -y
在root用户下
vim /root/smbauth
username=westos
password=westos
chmod 600 /root/smbauth
mount -o credentials=/root/smbpass,sec=ntlmssp,multiuser //172.25.254.20/westosdir /mnt
#credentials=/root/smbpass 指定认证文件
#sec=ntlmssp 指定认证类型
#multiuser 支持多用户
su - westos
[westos@test /]$ ls /mnt ##客户端主机的wetos用户没有通过认证
ls: cannot access '/mnt': Permission denied
[westos@test ~]$ cifscreds add -u lee 172.25.254.20
Password:
[westos@test ~]$ ls /mnt/ ##通过认证可以显示
file file1111 file2 file22222
[westos@test /]$ cifscreds add -u lee 172.25.254.20
Key search failed: Key has expired ##当遇到此报错信息
[westos@test /]$ cifscreds add -u lee -d 172.25.254.20
Password:
[westos@test ~]$ cifscreds clearall ##执行以上两条命令解决报错
以下默认在[root@westosb ~]#中
dnf install cifs-utils -y #安装cifs-utils
vim /root/smbauth
username=westos
password=westos
chmod 600 /root/smbauth #文件权限
mount -o credentials=/root/smbauth //172.25.254.119/westosdir /mnt
df
su - westos
ls /mnt #可以查看
umount /mnt
df
mount -o credentials=/root/smbauth,multiuser //172.25.254.119/westosdir /mnt
su - westos
ls /mnt #可以访问
umount /mnt
df
mount -o credentials=/root/smbauth,multiuser,sec=ntlmssp //172.25.254.119/westosdir /mnt #添加认证
su - westos #切换用户为westos
ls /mnt #无法访问
credentials add 172.25.254.119 -u lee #开启认证
ls /mnt #可以访问
touch /mnt/jwl1 #创建文件wsy1
ls /mnt -l #查看文件创建所属,为westos
[root@westosa ~]#ls /westosdir -l #查看文件创建所属,为lee,这条命令在westosa主机上查询
exit #切换用户回root
touch /mnt/wsy2 #创建文件wsy2
ls /mnt -l #查看文件创建所属,为root
[root@westosa ~]#ls /westosdir -l #查看文件创建所属,为lee,这条命令在westosa主机上查询
10.autofs+samba
在客户端实现自动挂载卸载的软件
配置方式:
[root@westosb ~]# vim /etc/auto.master #配置文件
7 /misc /etc/auto.misc
8 #/westos /etc/auto.nfs
9 /westosdir /etc/auto.samba #添加
[root@westosb ~]# vim /etc/auto.samba #设置自动挂载目录
samba -fstype=cifs,credentials=/root/smbauth,multiuser,sec=ntlmssp ://172.25.254.119/westosdir
[root@westosb ~]# systemctl restart autofs.service #刷新服务
测试:
等待资源闲置超时 ##默认300秒
[root@westosb ~]# vim /etc/autofs.conf
Timeout=3 #改为3秒
[root@westosb ~]# cd /westos/samba
[root@westosb ~]# df
[root@westosb ~]# cd
等待3秒
[root@westosb ~]# df #查看挂载目录
挂载资源自动卸载
三、iscsi
1.iscsi_server #服务端(在[root@westosa ~]#中)
fdisk /dev/vdb -------> /dev/vdb1 #创建磁盘/dev/vdb1
dnf install targetcli -y #安装targetcli服务
systemctl status targetcli #查看服务targetcli状态
systemctl enable --now targetcli #开启服务targetcli
systemctl status targetcli #查看服务targetcli状态
targetcli
/> /backstores/block create westos_storage1 /dev/vdb1
/> /iscsi create iqn.2021-05.com.westos:strage1 ##IQN Iscsi Qualified Name,建立共享名称
/> /iscsi/iqn.2021-05.com.westos:strage1/tpg1/luns create /backstores/block/westos_storage1
/> /iscsi/iqn.2021-05.com.westos:strage1/tpg1/acls create iqn.2021-05.com.westos:westoskey
/> ls #查看
/> exit #退出
firewall-cmd --permanent --add-port=3260/tcp #防火墙的设置,允许端口3260
firewall-cmd --reload #刷新防火墙
2.iscsi_client #客户端(在[root@westosb ~]#中)
临时
dnf install iscsi-initiator-utils.x86_64 -y
vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2021-05.com.westos:westoskey
systemctl restart iscsi #刷新服务,两者不一样
systemctl restart iscsid #刷新服务
iscsiadm -m discovery -t st -p 172.25.254.119
iscsiadm -m node -T iqn.2021-05.com.westos:strage1 -p 172.25.254.119 -l ---> /dev/sda
fdisk /dev/sda ---> /dev/sda1
mkfs.xfs /dev/sda1
mount /dev/sda1 /mnt
永久
vim /etc/fstab #上面都是临时的,配置文件,开机自动挂载
3.iscsi的停用
客户端的停用
iscsiadm -m node -T iqn.2021-05.com.westos:strage1 -p 172.25.254.119 -u #临时
fdisk -l #无法查询到
systemctl restart iscsi #刷新服务
fdisk -l #可以查询到
tree /var/lib/iscsi/ #可以看到连接历史
iscsiadm -m node -T iqn.2021-05.com.westos:strage1 -p 172.25.254.119 -o delete #永久停用
tree /var/lib/iscsi/ #看不到
服务端的停用
[root@westosa ~]# targetcli
targetcli shell version 2.1.51
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/> clearconfig confirm=true #停用true
All configuration cleared
/> ls
o- / ..................................................................... [...]
o- backstores .......................................................... [...]
| o- block .............................................. [Storage Objects: 0]
| o- fileio ............................................. [Storage Objects: 0]
| o- pscsi .............................................. [Storage Objects: 0]
| o- ramdisk ............................................ [Storage Objects: 0]
o- iscsi ........................................................ [Targets: 0]
o- loopback ..................................................... [Targets: 0]
/> exit
Global pref auto_save_on_exit=true
Configuration saved to /etc/target/saveconfig.json
[root@westosa ~]#